Google confirmed that one million Gmail accounts might have been targeted by nation-state hackers.
The news is worrying, the company is observing a significant increase in the number of hacking attacks on user email accounts.
Google announced that it is able to identify operations carried out by state-sponsored hackers and it is its intention to notify potentially affected customers.
Google hasn’t provided details on the number of affected customers, anyway , it confirmed that the list of victims “often” includes “activists, journalists, and policy-makers taking bold stands around the world.”
Google confirmed that only a limited number of customers are targeted by state-sponsored hackers, roughly less than 0.1% of users ever receive a notification from the company that anyway consider critic to inform users on ongoing attacks.
In the past, users received a warning through a pink Warning tab present on top of Gmail urging victims to adopt necessary countermeasures.
Now Google has improved the notification messages using a full-page warning related to state-sponsored hacking.
“Today, we’re launching a new, full-page warning with instructions about how these users can stay safe. They may see these new warnings instead of, or in addition to, the existing ones.”
Google is improving its “safe browsing” security notifications, a mechanism to inform users when they are going to open suspicious links included in receiving emails. The users will receive a full-page notice before opening the link, meanwhile, in the past the same notification was provided before a link was clicked.
“Safe Browsing already protects Gmail users by identifying potentially dangerous links in messages. Starting this week, Gmail users will begin to see warnings if they click these links, further extending this protection to different web browsers and email apps. ” States the security advisory published by Google.
Google is continuing to push email encryption to protect its customers from government surveillance. Google is working with IT Giants, including Comcast, Microsoft, and Yahoo, to propose a new secure email mechanism.
In the last weeks, Google implemented a mechanism to warn Gmail users when they send and receive email over unsecured connections.
“This has had an immediate, positive effect on Gmail security. In the 44 days since we introduced it, the amount of inbound mail sent over an encrypted connection increased by 25%. We’re very encouraged by this progress! ” states Google.
“Given the relative ease of implementing encryption and its significant benefits for users, we expect to see this progress continue.”
(Security Affairs – Google, state-sponsored hacking)